Software-update: OPNsense 23.7.11

Het pakket OPNsense is een firewall met uitgebreide mogelijkheden. Het is gebaseerd op het besturingssysteem FreeBSD en is oorspronkelijk een fork van m0n0wall en pfSense. Het pakket kan volledig via een webinterface worden ingesteld en heeft onder andere ondersteuning voor mfa, openvpn, ipsec, carp en captive portal. Daarnaast kan het packetfiltering toepassen en beschikt het over een traffic shaper. De ontwikkelaars hebben OPNsense 23.7.11 uitgebracht en de releasenotes voor die uitgave kunnen hieronder worden gevonden.

OPNsense 23.7.11 released

The final test phase for 24.1 is starting just as 23.7 strechtes towards its inevitable end of life. At the moment it is unlcear if this release will be the last one or not so we shall refrain from stating something that may not be true in the coming weeks. Of special note is the Python rewrite of the relevant FreeBSD certctl tool bits that are needed to register certificates in the system. It should be about 30 times faster now than it was before.

Here are the full patch notes:

• system: implement relevant certctl tool functionality in Python to increase performance
• system: fix log severity selector (contributed by kulikov-a)
• system: include IPv6 link-local interface addresses for web GUI and OpenSSH (contributed by Maurice Walker)
• system: update cron and gateways model
• interfaces: obey menu group sequence when specified
• firewall: fix traceback in OpenVPN group alias due to wrong return type
• firewall: fix missing physical_interface() in shaper template
• dhcp: cache backend action "interface list macdb" to increase responsiveness
• dhcp: allow saving with invalid range when IPv4 server is disabled
• dhcp: do not clobber $range_to / $range_from with the legacy test for lower 64 bit only input
• firmware: opnsense-update: avoid rewriting .cshrc and .profile files on base set updates
• firmware: add audit messages for relevant API actions
• firmware: implement "always reboot" option
• firmware: add unlocked mode to launcher script
• firmware: use pluggable package repository scripts
• lang: assorted language updates
• network time: prevent the service from listening on a wildcard when selecting specific interfaces (contributed by doktornotor)
• openvpn: add virtual IPv6 address to widget and status page (contributed by cs-1)
• openvpn: consider clients missing CARP VHID as disabled
• unbound: replace JustDomains with Firebog blocklists (contributed by Amy Nagle)
• unbound: update root hints
• plugins: os-acme-client 3.20
• plugins: os-ddclient 1.19
• plugins: os-wireguard 2.6
• ports: curl 8.5.0
• ports: nss 3.95
• ports: php 8.2.14
• ports: py-netaddr 0.10.0
• ports: squid 6.6
• ports: sudo 1.9.15p4